Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

regmap-irq: Fix offset/index mismatch in read_sub_irq_data()

We need to divide the sub-irq status register offset by register
stride to get an index for the status buffer to avoid an out of
bounds write when the register stride is greater than 1.

Fixes: a2d21848d921 ("regmap: regmap-irq: Add main status register support")
Signed-off-by: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
Link: https://lore.kernel.org/r/20220620200644.1961936-3-aidanmacdonald.0x0@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>

Authored by Aidan MacDonald and committed by Mark Brown
3f05010f 485037ae

+2 -1
drivers/base/regmap/regmap-irq.c
··· 387 387 subreg = &chip->sub_reg_offsets[b]; 388 388 for (i = 0; i < subreg->num_regs; i++) { 389 389 unsigned int offset = subreg->offset[i]; 390 + unsigned int index = offset / map->reg_stride; 390 391 391 392 if (chip->not_fixed_stride) 392 393 ret = regmap_read(map, ··· 396 395 else 397 396 ret = regmap_read(map, 398 397 chip->status_base + offset, 399 - &data->status_buf[offset]); 398 + &data->status_buf[index]); 400 399 401 400 if (ret) 402 401 break;
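
Review bot: the new `index = offset / map->reg_stride` is used unchecked as the subscript in `&data->status_buf[index]` in the else branch; nothing in the visible lines bounds it against the length of status_buf, so an oversized sub_reg_offsets entry would still write past the buffer. Consider rejecting or warning on an out-of-range index before the regmap_read() call. The integer division also truncates silently when offset is not a multiple of the stride, so a comment stating that offsets are expected to be stride-aligned would help. The destination used in the `chip->not_fixed_stride` branch is elided from this hunk, so it is worth confirming whether its subscript needs the same offset-to-index conversion.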